SANS ISC InfoSec Forums

'Nachi-B' (aka W32.Welchia.B.Worm) started to circulate yesterday.
Like Nachi-A, which was released last August, Nachi-B uses the
RPC DCOM vulnerability and the IIS WebDav vulnerability to enter
a system.

However, Nachi-B adds the Workstation service buffer overflow (MS03-049)
and the Locater service vulnerability (MS03-001) to its arsenal.

In addition to patching for the RPC DCOM vulnerability for some versions
of Windows, it will removed files left behind by MyDoom.

Microsoft patch MS04-004 ("Cumulative Security Update for Internet Explorer"), which was released earlier in February, removed the ability to add credentials to http and https URLs. However, this patch removed the ability to add a username
and password to XMLHTTP.open calls.